What Are You Doing Right Now

WrCombs

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

DustinB3403

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

WrCombs

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

Because it hasn't been confirmed - they received a letter along with 10 other business in the same area.

WrCombs

@WrCombs said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

Because it hasn't been confirmed - they received a letter along with 10 other business in the same area.

10 cards were breached, all 10 cards were in that restaurant + the other 10 ; They don't know where they were breached. but it's a potential Breach.

scottalanmiller

@WrCombs said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

Because it hasn't been confirmed - they received a letter along with 10 other business in the same area.

10 cards were breached, all 10 cards were in that restaurant + the other 10 ; They don't know where they were breached. but it's a potential Breach.

So it is a suspected breach? Everyone is a potential breach that we just don't know about. A suspected breach implies that someone actually suspects that it might have happened.

WrCombs

@scottalanmiller said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

Because it hasn't been confirmed - they received a letter along with 10 other business in the same area.

10 cards were breached, all 10 cards were in that restaurant + the other 10 ; They don't know where they were breached. but it's a potential Breach.

So it is a suspected breach? Everyone is a potential breach that we just don't know about. A suspected breach implies that someone actually suspects that it might have happened.

That's the word I was looking for -

DustinB3403

@WrCombs said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

Because it hasn't been confirmed - they received a letter along with 10 other business in the same area.

10 cards were breached, all 10 cards were in that restaurant + the other 10 ; They don't know where they were breached. but it's a potential Breach.

So it is a suspected breach? Everyone is a potential breach that we just don't know about. A suspected breach implies that someone actually suspects that it might have happened.

That's the word I was looking for -

I was wondering why potential was used, this answers that. A brain-fart (don't worry they happen to me too).

WrCombs

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@scottalanmiller said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

@DustinB3403 said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

Reviewing PCI compliance Failure at a site who had a "Potential Breach"

How is something a "Potential Breach"? They called you because something occurred, right? So they must've been breached.

Because it hasn't been confirmed - they received a letter along with 10 other business in the same area.

10 cards were breached, all 10 cards were in that restaurant + the other 10 ; They don't know where they were breached. but it's a potential Breach.

So it is a suspected breach? Everyone is a potential breach that we just don't know about. A suspected breach implies that someone actually suspects that it might have happened.

That's the word I was looking for -

I was wondering why potential was used, this answers that. A brain-fart (don't worry they happen to me too).

LOL yeah, that's it.

WrCombs

How can I check SSL Cert Expiration dates? and what's the next step on get an SSL Cert that isn't expired?

what in the hell is a Diffie-Hellman Module?
and how do I get one implemented to be over 2048 bits?

JaredBusch

@jt1001001 said in What Are You Doing Right Now:

Looking at a houses online. I think @scottalanmiller will appreciate this. Wife wants to move. Simply because we do not have room for another refrigerator or freezer and our current 2 fridge/freezer and 1 full freezer are filled up. I'm actually game for that as I would love to have a work area/home lab area again.

How about getting rid of the excess food that is likely never going to be eaten anyway.

WrCombs

what is a sweet32 vulnerability?

I have so many questions.

DustinB3403

@WrCombs said in What Are You Doing Right Now:

what is a sweet32 vulnerability?

I have so many questions.

https://sweet32.info/

WrCombs

@DustinB3403 thanks.

scotth

@WrCombs said in What Are You Doing Right Now:

How can I check SSL Cert Expiration dates? and what's the next step on get an SSL Cert that isn't expired?

what in the hell is a Diffie-Hellman Module?
and how do I get one implemented to be over 2048 bits?

You could bring someone on board right now to help you remediate if necessary. I'm sure there are plenty of folks here who not only know what a DH module is, but how to get you moving in the right direction really fast.

scotth

@scotth said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

How can I check SSL Cert Expiration dates? and what's the next step on get an SSL Cert that isn't expired?

what in the hell is a Diffie-Hellman Module?
and how do I get one implemented to be over 2048 bits?

You could bring someone on board right now to help you remediate if necessary. I'm sure there are plenty of folks here who not only know what a DH module is, but how to get you moving in the right direction really fast.

Oh, btw, your payment processor should have loaded the correct encryption modules on your device(s) before they were ever heated up. And they should have been verified before you could even take a card. I hope you don't end up in a mess.

WrCombs

@scotth said in What Are You Doing Right Now:

@scotth said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

How can I check SSL Cert Expiration dates? and what's the next step on get an SSL Cert that isn't expired?

what in the hell is a Diffie-Hellman Module?
and how do I get one implemented to be over 2048 bits?

You could bring someone on board right now to help you remediate if necessary. I'm sure there are plenty of folks here who not only know what a DH module is, but how to get you moving in the right direction really fast.

Oh, btw, your payment processor should have loaded the correct encryption modules on your device(s) before they were ever heated up. And they should have been verified before you could even take a card. I hope you don't end up in a mess.

what do you mean?

scotth

@WrCombs said in What Are You Doing Right Now:

@scotth said in What Are You Doing Right Now:

@scotth said in What Are You Doing Right Now:

@WrCombs said in What Are You Doing Right Now:

How can I check SSL Cert Expiration dates? and what's the next step on get an SSL Cert that isn't expired?

what in the hell is a Diffie-Hellman Module?
and how do I get one implemented to be over 2048 bits?

You could bring someone on board right now to help you remediate if necessary. I'm sure there are plenty of folks here who not only know what a DH module is, but how to get you moving in the right direction really fast.

Oh, btw, your payment processor should have loaded the correct encryption modules on your device(s) before they were ever heated up. And they should have been verified before you could even take a card. I hope you don't end up in a mess.

what do you mean?

All of our payment devices are loaded with encryption modules by the payment processor when we receive them. They also force us to use their firewall / router solution whether behind our firewall or not. When we connect up a payment device or if it's built into the POS, the payment processor transacts the cards. We only get reports of sales. Never card information. Remediation is their responsibility.

scottalanmiller

Just added the Sonata Switchboard to our VitalPBX

CloudKnight

@scottalanmiller are you not using freepbx anymore?

JaredBusch

@StuartJordan said in What Are You Doing Right Now:

@scottalanmiller are you not using freepbc anymore?

He likes closed source better

Closed source that uses old technology by default.